OTA Names Most Trustworthy Websites in Australia & New Zealand

JP Morgan Chase, Coles, New Zealand Post, Kogan and Virgin Australia Among Those to Make ANZ Honour Roll for Best Security and Privacy Practices

Tue, Nov 25, 2014

SEATTLE – The Online Trust Alliance (OTA), the non-profit with the mission to enhance online trust and innovation, announced today the results of its 2014 Australia and New Zealand (ANZ) Online Trust Audit.

Out of 150 regional consumer and government websites evaluated, 14 percent made OTA’s ANZ Honour Roll, distinguishing themselves as responsible stewards of customer data at all levels of their organisation. The 21 companies to land on the ANZ Honour Roll excelled in all three of the audit’s scoring categories:

  • Domain, Brand and Consumer Protection
  • Data Protection, Privacy and Transparency
  • Site, Server and Infrastructure Security

AUSTRALIA

  • Australian Taxation Office
  • AVG Technologies
  • Catch of the Day
  • Commonwealth Bank
  • Coles
  • David Jones
  • Gumtree
  • JB HI-FI
  • JP Morgan Chase
  • Kogan
  • New South Wales Government
  • Rio Tinto
  • The Age
  • The Sydney Morning Herald
  • True Local
  • Virgin Australia
  • Xero

NEW ZEALAND

  • HealthPost
  • New Zealand Post
  • Trade Me
  • Xero

“At Commonwealth Bank, we understand that privacy and security are central to the trust our customers have in us, and we take that responsibility very seriously,” said Ben Heyes, General Manager Cyber Security and Privacy, Commonwealth Bank of Australia. “CBA’s inclusion in the Online Trust Alliance’s Honour Roll is indicative of our continued focus on ensuring our customers’ data is safe and secure and that their privacy is protected.”

HealthPost Ltd. CEO Abel Butler added, “Having our customers trust us is as crucial to HealthPost as great products, customer service and ethics. To be named to the first-ever ANZ Online Trust Audit and Honour Roll for online privacy and data protection practices is an honour. The OTA’s recognition of our work has encouraged us to implement yet more of the online privacy and data protection best practices. We believe that people have a right to expect that the organisations who they share their personal information with online will take that responsibility seriously.”

“Everything we do at AVG has the aim of making the online experience a safe and positive one. Our technology is high performance protection against the malicious threats to our connected world. This prestigious award is wonderful recognition for our efforts,” Michael McKinnon, Security Advisor at AVG Technologies, said.

Unfortunately, not only did 86 percent of websites score too low to merit ANZ Honour Roll inclusion, but 75 percent failed at least one of the three above categories. A failing score indicates that the website is especially exposed to site vulnerabilities, email/domain spoofing and spear phishing, or has a privacy policy that fails to conspicuously disclose data collection, retention and sharing practices. The outdated privacy policies are concerning given the recent Privacy Act changes that went into effect in March 2014 in Australia and the revision of privacy legislation currently under consideration in New Zealand.

Chair of the New Zealand Internet Task Force (NZITF) Barry Brailey remarked, “I applaud the New Zealand companies that achieved Honour Roll status, including NZITF members TradeMe and Xero. This is no small achievement. Working with NZITF, OTA is leading the way to help organisations see the value in consumer and brand protection initiatives.”

“OTA commends the companies that have demonstrated a commitment toward respecting consumer privacy and safeguarding sensitive data,” said OTA Executive Director and President Craig Spiezle. “On the other hand, those that failed demonstrated a penchant for operational oversights, mistakes and an apparent lack of attention to consumer protection. This report serves as a wake-up call for consumers to think twice about where they shop, bank and click. It also stresses how important it is for businesses to be more vigilant in their security and privacy practices.”

By comparison, a June 2014 OTA audit assessing the trustworthiness of approximately 800 websites resulted in 26 percent of companies qualifying for the Global Honour Roll. OTA’s comprehensive audit underscores the importance of continued monitoring of security and privacy practices and the risks of becoming complacent. As cybercrime escalates, yesterday’s practices and technologies may no longer be applicable or meet today’s regulatory or threat landscape.

Domain, Brand and Consumer Protection: Inadequacies in this category were the primary cause of audit failures, with 51 percent of ANZ websites missing the mark. Websites were penalized for incomplete email authentication measures leaving users vulnerable to spear phishing and email forgery, as well as for not locking their domains to prevent unauthorised transfer requests.

Data Protection, Privacy and Transparency: One-third of the evaluated websites failed this category, largely due to insufficient disclosures addressing data use, retention and sharing. Other companies were marked down for outdated privacy policies and use of website trackers that share information with unaffiliated third parties.

Site, Server and Infrastructure Security: Only 17 percent of websites failed this category, indicating most companies are following at least minimum best practice recommendations, including enhanced Secure Sockets Layer technologies that address threats such as Heartbleed and POODLE, and disabling support for SSL 3.0. Adoption of session encryption through the implementation of “always on SSL” was on par with the global report.

The selection of sites to the ANZ 150 was based on a combination of factors including consumer site traffic within Australia and New Zealand, prevalence of past brand jacking or phishing exploits and industry sector leadership. The complete 2014 ANZ 150 Audit & Honour Roll report and methodology can be accessed at https://otalliance.org/HonourRoll.

About OTA:

The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. Its goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users' security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, and meaningful self-regulation and data stewardship. Its members and supporters include leaders spanning the public policy, technology, ecommerce, social networking, mobile, email and interactive marketing, financial, service provider, government agency and industry organization sectors.